One of the most used financial products is the Credit card. We all spend so much time to get best credit card, but I have never seen someone, who has spend his time to fully understands the importance of the CVV number, One time password, Signatures on the back of credit card or how secure their credit card is overall ! .

There are so many credit card frauds going on, and yet each of us thinks, that our credit cards are fully secure and it cant happen with us. However, this is really far from the truth, because of the 4 big myths people have about their credit cards and we will bust them today for you, so that you become a more powerful and informed investor!

When you make a transaction through a credit card in India, at the end of the transaction, you are asked to enter one more final PIN number, which makes your transaction more secure and gives you an additional layer of security. RBI had come up with this additional password requirement just last year. While you needed credit card number, expiry date and your CVV number to make a transaction earlier, now as an extra security layer, you need this additional PIN too.

However note that this is limited to online transactions on Indian websites only. When you make a transaction outside India, this additional step is not compulsory. This means that someone having every other detail of your credit card other than your PIN can also do transactions even if he does not know your PIN . You must have realized this yourself, if you have done any transaction outside India.

Myth 2 – No one knows my CVV number, so I am secure

One of the biggest myths about credit card is that, if no one knows your CVV number, its impossible to do the transaction. Take a small breath, while I tell you this.

“CVV is not always mandatory on all websites to make an online transaction.”

Yes, you heard right!. You can make a online transaction on few websites out of India with only the Credit Card number, the expiry date and obviously the name of the credit card holder. If you don’t believe me, here’s a small example.

Try to book a domain name at godaddy.com. I was almost numb, when I booked a domain name some time back, only to realize that the domain name was booked, but the site never asked me my credit card CVV number and I was like – “What ?! Seriously ?!” . I then found out, that asking for CVV number is just optional for credit card merchants. While some countries make it mandatory, others don’t. It’s just a choice!

So make sure you are safe, do this

Scratch your CVV number on the back of your credit/debit card

Always make sure the swiping happens in front of your eyes! , I know, it can be a little embarrassing for you, but its just an extra mile security, see if its possible for you

Better do not use Credit Card at all , use Debit card instead!

Myth 3 – My credit card can’ t be duplicated.

Yes, your credit card can be duplicated and it happens in India. A card (credit or debit) might be using something like EMV chips or Magnetic strips, and that’s where the problem is at. While EMV chips are more secure, the magnetic strips are not!. If your card has magnetic strips, it can be duplicated.

Here is how it works …

Your card has a lot of data inside it and it sits on the magnetic strip. When the card is swiped, all the data is extracted from it, for verification purposes. Now some expert hacker with bad intentions, can extract all this data from the swipe machine and make a new card using a technique called Cloning. There are machines called “skimmers” , which helps in extracting the data from the swiping machines to a new card. If you are still wondering if this all happens in India, here is a story excerpt from Hindu website

According to the police, the machines were used to swipe cloned cards by one Rahul. The cloned cards were arranged by Pankaj Deewan, Yogesh Mahajan and Yasin through their contacts. The amount transferred to Dheeraj alias Rohit’s account was shared by the machine holder and cloned cards holder at 40:60 ratio respectively.

Following this, the police launched a hunt and subsequently arrested Dheeraj, Pankaj, Yogesh and Yasin. They purportedly told the police that the domestic cards were cloned by one Kamal and international cards by Devender Chauhan of Agra with the help of a professional hacker. The cards were cloned by obtaining information of genuine customers and then copying the same on a plain card having a magnetic strip. According to the police, the accused used skimmer (a device used to copy data from credit/debit card) for the same.

And if you still don’t believe all this, here is a video you might want to spend time on

Myth 4 – The signature on the back on credit card does not matter much

One of the most misunderstood and unknown facts about credit cards is the signature on the back of the card. Let’s understand the rule today and lay this to matter to rest. If a credit card does not have a signature on the back, it’s an invalid card. As per the agreement between card issuer and merchant (the shops and hotels which give you the facility to swipe the cards), the merchant is supposed to check the signature on the back of card with the signature on the bill, and only if they match, the merchant should allow the card to be swiped.

However almost all the merchants avoid checking it, as if it does not matter at all. This is violation of terms and conditions and if you have lost a credit card which was SIGNED, and some transaction takes place, you are not suppose to be charged, because the merchant should have checked the signatures on card with the signature on the bill. What this means is that if there has been ever a fraud on your credit card, and you are asked to pay the money (Like this Incident) , just ask your card issuer to check the signature on the bill with your specimen signatures with them and if they do not match, they are not suppose to pay the merchant at all and let merchant take the loss for not doing their duty of checking the signatures.

This explains why you should sign your cards on the back and not leave them blank, because if someone steals your card and puts his signature on the back, then the transaction can be done successfully even if the merchant does his duty of checking the bill signature with the signature on card and in that case you are bound to pay the money to card issuer.

MYTH 5 – By paying minimum balance, I do not have to pay Interest

As you have used your credit card and now it’s time to pay your bills of Rs 15000. But you don’t have money to pay back the bill. You are in tension because if you don’t pay your bill you will be charged penalty. So to avoid penalty you pay minimum balance of Rs 3000 and now you will not be charged penalty. So now the left over bill amount is Rs 12000.

You must be happy that you will have to pay Rs 12000 only but let me tell you that you will have to pay Interest of 3 to 4% on this 12000. So even if you pay your minimum balance to avoid penalty but you cannot avoid the interest charged on the left over amount.

MYTH 6 – Too many credit card will improve my credit score

Many people think that if they opt for more than one credit card then there credit score will increase eventually. But this is other way round. If you opt for too many credit cards you won’t improve your credit score but you end up being more dependent on these credit cards, which is not a good sign. Managing too many credit card becomes burdensome.

Tips to Secure your Credit Card

I hope, now that these myths are busted, you are a more informed and powerful person who the rules of the game of credit cards . To summarize, lets put out some tips to secure your credit card

Do not share your one time credit card password (IVR) with anyone ever

Scratch your CVV number and remember it in your head !

While making any online transaction, make sure the website starts with https://

While making any transaction offline like on petrol pumps , hotels etc, make sure its swiped in front of you as far as possible.

Make sure the card is swiped on a machine which is issued by authorized banks and not some machine which looks suspicious , it can be a “Skimmer” machine which steals your data.

Put a signature on the back of your credit and debit card, so that unauthorized transactions are not done and you are protected a card holder

If possible, better use a credit card which has a small limit like 10k or 20k for shopping.

Dear Sir, today i received call on behalf of HDFC bank. Person told his name Rahul HDFC Bank Manager. He said that your credit card not activated yet that’s why i call you for the online activation. as card was received only one day before and massage received on my phone also states that the card we dispatch to you in deactivated mode. He ask for
1. ATM card type like visa or Master
2. Credit card No
3. Expiry date
Above detail I was given to person but then he asked “what is the CVV no on the card”.
Then I was enquired about his name and bank branch name and deny to give CVV no.
He warned me that if not give detail he will cancel the activation request.
I was cut the phone immediately. Just want to know that the information given by me to that person problematic for me or help in any online transaction/fraud activity?

No a days https://www.godaddy.com use ccavenue payment gateway to process Payments. What, you wrote was correct few years back, but as this company has presence in India, now they are abiding the rules and regulations in India.

Hi Manish,
Signature on the back on credit card is little bit confusing for me. There are some advantages and also Disadvantages if i signed on back of card. So whats the beneficial for card holder, to sign or not? Pls reply.

Hi! Thanks Manish for the excellent article and solutions for commonly encountered problems. But most of the issues mentioned were merchant based transactions. I am asking about online transactions. I just received my HDFC free credit cards and planning to use them. But after reading your article, I just am thinking whether to use them or not. I checked amazon.com (US) and found that they ask only for credit card number and expiry date. So if I use my card at merchant outlet, somebody can memorise the card number or take a pic of card when we give to swipe, e.g. at restaurant when we dont see the card swiped. In such case, he can do all the fradulent transactions after entering these details. How to safeguard against these fraudsters?

Hey Manish
I could not pay the last EMI( Rs/-2500) purchased through HDFC credit card as I have changed the company in the meanwhile and my registered email ID got blocked afterwards.
Now after a gap of nearly 2.5 years they are asking me to pay 12000 Rs/- in order to settle my account. I am ready to pay the amount of Rs/-2500 but not Rs/-12000. They are forcing me to pay 12000 and subsequently my CIBIL scores will be hampered.
Kindly help and guide.

Yes, they are correct. Your 2.5k has become bigger by adding all the charges and interest and late payments, they are correct in asking for 12k . I suggest pay it off and close the matter. There are other bigger issues in life to deal with . Dont get stuck with this.

I received a call from a so called gentleman who posed as a SBI ATM issuing of new card. He rang from this number 7384897159 on 30.11.2015 around 11.30am in the morning. I usual don’t entertain any calls from banks, but being a bit (more than bit) stupid he said that all he wants to know was the date of expiry. Seeing no harm I disclosed the date. He then said that he wanted to know the card number and started to tell me the first five digit of my debit card. Sensing that he may be a real State Bank Of India (SBI) official he asked me to confirm the rest of the number.

He never asked me for my name, After that he said that SBI would send a verification number which was an OTP on my mobile number. This arrived immediately without really thinking, I told him the number when he asked for it as this would then finish the verification process. I then realised that this wasn’t correct. I immediately informed the bank and blocked the card but by then he had transacted Rs8000 from my account.

My question is that can anyone with just a debit card number and date from which the debit card was issued (in my case started from Nov 2010) can then send request to the bank to send OTP numbers?

Please note the card did not have a CVV number nor did I disclose my pin. It was the SBI debit Card Number and date it started from that he wanted to know

I have learnt mu lesson the hard way – even though I was aware – but I am a bit surprised that State Bank of India does not have any other security for Debit Cards – like the CVV number.

I don’t think the SBI will reimburse me the money but am going to the Cyber Crime Police in Kolkata.

I would be grateful for any advice of SBI can have a very low level of security where CVV is not asked Please others be warned I was aware – but I still got caught

Your card must have been a Maestro Card and it must probably start with 6220 and has 18 digits and not 16. This is an old card. You should get a new debit card with EMV Chip. There are various cards to choose from like Domestic, Silver, Global, Gold, Platinum etc. with their respective rates.

Is that same with debit card?
Is it possible to debit for anyone anyhow o fraud me with -info of my Visa SBI Debit card no., expiry date, cvv no. and registered mobile no.. Provided he has no access to my mobile. This is actually the case with me.

I remember once having a credit card with my photograph on it. At least as far as offline transactions go, this is a very safe method to avoid fraud. Do not know why banks do not issue such cards, including debit cards.
Secondly, a mandatory OTP, both for any offline and online transaction should also be nearly 100% safe.

Manish – the signature on the back of credit card is actually of no use. I am speaking from first hand experience. My ICICI card was swiped at a petrol pump twice. One for my transaction and one for someone else’s (by mistake). When I checked my statement, I saw 2 transactions for petrol which was impossible as my car cannot simply take that much fuel! I reported to bank – escalated all the way up to Chanda Kocchar. I got them to retrieve the charge slip. Slip clearly did have someone else’s signature. So I confidently asked Bank to revert the transaction – but they said that in case of physical swipe the act of swiping is binding. I eventually escalated to Indian Oil and got them to the task to refund me the money.

We are here talking about the guidelines and the rules set by the credit card companies. Now the execution is the problem. Banks will surely try to get away with the problem here saying that you will not get money, You will have to go to extra mile here (consumer court etc) , which I am sure not many will do .

Dear Manish,
very informative article. But still I didn’t get answer to my query as to how a fraudster is able to make purchases with a stolen debit card when he doesn’t know the PIN. This is in reference to a news article published today i.e. 25 Oct 13 in Rajasthan Patrika, where two FY students stole a card and started making purchases instantly; one in a clothing store and another in a restaurant where the owner caught them thanks to sms alert facility and handed over to police. The owner had used the card earlier in the same location and probably forgot it in the ATM. These type of incidents have happened before as well where mercantile purchases are made with stolen debit cards. Dont the cards get locked when wrong PIN numbers are fed consecutively. Please throw a light on this. Thanks Brijendra

You dont need a PIN when you swipe a CARD most of the times. Also for making international purchases online,you dont need a PIN . Its only needed for indian transactions . Have you read the article fully ?

I have checked some of the articles on your site, However, I noticed that there is no date mentioned about when this article is written. However, I do understand that we can guess the tentative date looking at the first comment. But, still I believe having the date will help to understand on what point of time you have written the particular article and it is easy to link to the information you have written about.

i wud like some info about credit cards:
1.say i have 2-3 credit cards and i want to cancel all of them and retain one only will it affect by credit rating???
2.wht is the best plan for protecting the fraudulent use of ones credit card?
3. which is the best protection plan for credit cards?
4.how to create a virtual card?

Now a days the bank guys issue credit card worth 2 to 3 times of your take home salary, which can be a big amount(say > 1lac credit limit). I do 3/4th of my purcahses through credit cards(~5-8k). I don’t see any use of such high credit limit unless it is an emergency situation. So what i follow is to have just 2 credit cards.

Card 1: Regular usage card (Cash back card), all my purchases are made through this & my monthly bill doesn’t exceed 10k. So I talked to customer care & reduced the credit limit to 20k with zero cash limit. It will be helpful to track our expenses at end of each billing cycle.

Card 2: Stand by card, Keep it safely in home. It has a higher credit limit. Use only if there is a real big need.
Is it ok to keep high credit limit unused?

Yea , this is a good idea .. I would say there is no need to reduce your limit to small amount like 20k , better keep it 2 times of your maximum purchase possible , like if you feel that max to max your expenses in any month can reach 25k , then better have a credit limit of 50k .

Very nice and informative article Manish. I have decided long back even before I fell in love with jagoinvestor I have decided that I will never use Credit Card in my life. I just don’t need it. I can very well manage with my 2-3 Debit Cards.

serious respect for u manish…
i read ur book jago investor..its kickass
well i watned to know about property..real estate in mumbai..
have u written any book on that:? please let me know..
i needed more information.
thank you
God bless

if i put my signature at the back of the card. the person who found the card obviously will make similar signature on the bill. and shopkeeper obviously do not have experties to observe the difference.
so i dont think it adds any security by signing it.

in fact i feel if i dont sign at the back, then definitely the person who is misusing it can not even imagine about my signature. And later while i am claiming that i was not the person who made this transaction, it will be easy for me to put onus on CC company because the signature must be entiely different.

I have also been a victim of credit card fraud transaction, and as recent as the end of 2012. I disputed my transactions (HDFCbank cc) and the service guys obliged. But my would you believe it, the fraud transactions worth around 60,000 INR were done in the U.S of A ! Fairly surprised me, but good though, i might add, since all i had to do was prove that i was not in US on the day of transactions. Had it been a fraud in India, the bank guys would probably have billed me and then i would have had a tough time arguing about that !
and to think they had this extra-safe chip embedded in it, making it ultra safe

IMO, if its must to have a credit card, its safe to have only one; common for both personal & professional use; we have our debit card anyways. (many people including me have this feel good factor about having one VISA and one MASTERCARD enabled card, just in case one or either is not accepted somewhere ! i realise now foolish that is)

thanks for sharing your experience .. Truely speaking , all these tools are for convinience and at some level , some risk is always there, we have to try that we should not over rely on these cards and as far as possible use debit card for transactions and only use credit card for online transactions , thats what I personally do .

1. Signature mismatch gives no protection to customers and as per Visa norms, the liability remains with the customer only. Missing signatures can be disputed as fraud transactions but I believe that this is also being modified by Visa such that the liability remains with the customer only. Chip and PIN cards will be a reality soon enough, so this problem should be reduced to quite an extent.

2. Practically, all websites in India will ask for both CVV-2 (CVC-2 in case of MasterCard) and 3-D Secure password since both card issuing banks and merchants are bound by the RBI Guideline. In case anyone doesn’t (which is pretty unlikely since this will be a compliance violation), you can complain to both the bank and the Nodal Officers/Ombudsmen.

3. After the RBI Guideline on 2Factor Authentication, the number of Internet related frauds have come down drastically, esp in India. Foreign websites inclusing popular ones like Facebook, itunes, Google etc ask for CVV-2 while registering for the first time but after that only card number and expiry is asked by them for subsequent transactions. From a customer perspective, there isn’t necessarily a risk because you can raise a dispute on this and get the refund because the Card-Issuance Bank is compliant but the merchant is not.

4. A main fraud area where there isn’t a control now is MOTO (Mail Order Telephone Order transaction) where the Card Number and Expiry are entered by the merchant manually, like in Insurance or Magazine subscriptions. RBI has asked banks to bring in 2F Authentication here also but the complexity of doing it an environment where neither the Card nor the Cardholder is present has meant that no consensus has emerged on how this needs to be handled.

Thanks for that information . I was of impression that if you sign the credit card, then when some one tries to do a fraud, and puts his signature on reciept, the onus is on merchant for this to double check if the signature on card matches with the receipt , I was look at some PDF yesterday by VISA and it had put this as a responsibility of merchant .

Few days back I was shopping in Globus and when I moved to pay the amount using my CC. I was shocked, they were keying in all my CC details ( Name on CC, CC number and expiry date) in their system manually. I told them “You are not suppose to take my CC information into your system by externally entering it, the movement you swiped my CC all relevant information is captured in your system.”. They said “This is how we do always and no one can use this information as CC online transaction requires password”. I explained them the same information that anyone can use it without even the password. They finally said “This is our procedure and our system requires that information”.

I even reported this to my bank and till the date I did not received any response from bank.

Eye opener article……i know in some website they don’t ask one time password…..but not asking even CVV is a big surprise……Thats too risky….i will share one instance….nearly one year back i got stan chart. platinum credit card and the docs required were any credit card front page photocopy which has a credit limit of 60k…….i also asked stan chart. official that it can be misused , he assured me to only give front page photo-copy of CC and not to share my CVV number photocopy page….today i am realizing i have done a big mistake….financial ignorance….Thanks for such a wonderful article….

Just wanted to share information for safty.
Even if someone wants to opt for the Credit Cards then you should ask for the “Lost Card Liability” with the provider. Some banks do provide this and this keeps you safe even if someone with cloned card swiped your cc account.
There is also a CPP (Card Protection Plan) some banks offer they charge you some annual fee and with this service you can register all your credit and debit cards. So in case you lost ur card then you can make a single call and have it blocked or report a fraud transaction at CPP.

Thanks for the excellent article. Also, if possible, i request an similar article on advantages and disadvantages of instant credit cards and the procedure to get them. I am aware ICICI/HDFC provide instant cards. Are they being offered by public sector banks too ?

Yes, public sector banks do provide instant / virtual cards. I have savings account with SBI and they do provide virtual cards. Pasting some useful information

1.What is Virtual Card?
Virtual Card is a limit Debit card, which can be created using the Bank Internet Banking facility for ecommerce (online) transactions.

The Card can be used to shop online at any merchant website that accepts Visa Cards, without any difference from a regular plastic Card.

The Card will be issued by marking a lien on the selected account and actual debit to the account will take place only when the Card is used.

2.What is an e-commerce (online) transaction?
Electronic commerce, commonly known as e-commerce, refers to the buying and selling of products or services over electronic systems such as the Internet and other computer networks.

3.In general, what are the features of Virtual Cards?

•More secure:-
•It reduces the risk of exposing the underlying Credit/Debit limit as the Primary Card / Account details are not communicated to the Merchant.
•Card is valid up to a maximum of 48 hours or till the transaction is complete, whichever is earlier.
•As Card creation and online transaction is authorised only after successful validation of One Time Password (OTP) sent to your Mobile during the process.

•Highly Flexible:-
•It enables Bank customers to pay from any of their Internet Banking enabled accounts, having transaction rights.
•Card can be created for any amount, from Rs. 100 to Rs. 50,000 (Round rupees)
•Card can be used at any online merchant site that accepts Visa Cards.

•Zero Loss:-
•No loss of interest as the Card is generated by marking a lien on the underlying account and the amount is debited only when actual transaction using the Virtual Card is completed, successfully.

4.Is my Virtual Card safer?
•Yes, the customer details (your bank account No., mobile No. , email address, etc) are not shared with Merchant / Vendor.
•The Card is a single usage card, i.e once used successfully it cannot be reused.
•The available window for Card usage is limited to a maximum period of 48 hrs.
•Card is created using secure Internet Banking website and Card limit is decided at the time of creation.
•Both Card creation and usage during online transaction are authorised only after successful validation of OTP, making it more secure. (Refer Q3 above)

5.What are the advantages for using Virtual Card for e-commerce transactions?
•Virtual Card provides an easy and secure way of transacting online without providing the Primary Card/ Account information to the merchant.
•It reduces the risk of exposing entire Credit/ Debit limit/ as the Primary Card/ Account information is not communicated to the merchant.
•Card is valid for a Max. of 48 hours or till the transaction is complete.
•The amount is debited only when actual purchase, using the Virtual Card, is completed successfully.

6.Who can create Virtual Card?
All customers of Bank having Internet Banking facility with transaction rights, can create the Card on-line.

8.How can I create Virtual Card?
•Login to your online banking account and click on “Requests” tab and select “Bank Virtual Card” option.
•Click on “Generate Virtual Card” tab.
•Enter the amount and select an account which will be debited for funding (initially lien-marking and later debiting) the Virtual Card.
•Enter the secure 8-digit password (OTP), received on your mobile.
•After successful validation, Card image with Card No., expiry date, etc will be displayed on the screen and your Card is now created and available for e-commerce transaction.

9.Can I generate my Virtual Cards from any Computer / Device?
or Do I need special application to create virtual Card?
You can generate Virtual Card from any computer / device that has internet access and a compatible browser i.e can open Bank’s Internet Banking website
All you need is an Internet connection and a compatible browser. Recommended browser: Internet Explorer version 5.5 and above or Mozilla Firefox 1.5 and above.

10.Where can I use my Virtual Card?
You can use your Virtual Card at all merchant websites in India that accept VISA/ MasterCard Debit Cards as a payment option (payment in Indian Rupee). However, sites such as the adult entertainment-sites, gambling-sites, etc, have been prohibited.

Note:
Virtual Card cannot be used at PoS machines or ATMs for cash withdrawal or for recurring/ instalments payments or for any other transaction that requires physical card.

* please check the merchant’s policy carefully.

11.How can I use my Virtual Card?
•Select required goods / services on merchant website.
•Select Debit Card / Visa Card from the payment options.
•Enter the Virtual Card details on the website.
•Enter your secure 8-Digit password (OTP), received on your mobile.
•After successful validation, you will receive SMS on your registered mobile confirming the transaction.
•After the transaction, the Card will be de-activated and cannot be used again.

12.What is an OTP?
OTP is One Time Password (Eight digits numerical) which is generated by bank for validating card creation and for confirming merchant transaction.

13.What if I do not receive OTP?
If you have trouble receiving your OTP, please click on the link provided at the bottom of the webpage and if you still face problem, please call helpline number to check whether your mobile is registered with Net Banking or not.

14.How many times OTP can be entered?
You can make maximum three attempts to enter the OTP. Your Card will be blocked on the 4th attempt, for security reasons, and you will not be allowed to do any transaction using this Card.

15.What will happen if I enter wrong OTP for 3 times?
If wrong OTP is entered for consecutive 3 times, Bank will block your Virtual Card and you will not be allowed to reuse or unblock the card, as a security measure.

However, you can cancel the Card to release the lien marked amount and if the Card is not cancelled it will expire automatically in maximum 48 hrs from the time of creation, and the lien on the blocked amount will be released.

16.Can I unblock my Virtual Card?
No, once the Card is blocked you cannot unblock or reuse the card.

17.What will happen to the amount, once my Card is blocked?
The amount will be shown as “lien marked” on the account. You can choose to cancel the Card to remove the lien and release the fund.

However, on expiry of the Card (i.e. within 48 hrs from the time of creation) the lien on the amount will be automatically released.

18.Can I earn interest on the balance?
Yes, Since the Card is generated by marking a lien and the amount is debited only when actual transaction is completed successfully, you continue to enjoy the interest, as applicable on your account, on the Virtual Card balance.

19.When will my account get debited?
The amount will be debited from the account only when actual purchase using the Virtual Card is completed successfully.

20.Is there any minimum or maximum limit for the Card generation?
Yes, currently the minimum amount for which a Card can be created is Rs 100/- while the maximum amount is Rs 50,000/- (per Card).

21.Can I create more than one Card or are there any limits on Card creation?
Yes, you can create any number of Cards subject to sufficient balance in the underlying account and with a maximum limit of Rs. 50,000/- per Card.

23.What will be the validity of my Virtual Card?
The card will expire:

•As soon as the transaction is completed.
or
•If the Card is cancelled.
or
•The Card is not used for 48 hours after creation.
(Whichever is earlier.)
Please Note: The expiry date mentioned on Card image may vary from actual expiry date of the Virtual Card. The expiry date on the Card is in the mm/yy format and is only for the purpose of inputting while doing a transaction using the Card. It does not reflect the actual expiry date of the card, which is Max. 48 Hrs.

24.Can I reuse (do multiple purchases with) my Virtual Card before expiry?
No; the Card is one-time use Card and will get de-activated once used successfully.

25.Can I use my Virtual Card for partial amount?
Yes; you can use your Virtual Card for partial amount, provided the amount is below the Card value.

26.If the Card is used for an amount lower than the card value, what will happen to remaining value?
The remaining (unutilised) value is automatically released back to your account after the card is used.

27.What will happen to the amount, if I do not use my Virtual Card and the card has expired?
The lien marked on the underlying account will be released automatically after expiry of the Card.

28.I have generated a Virtual Card and don’t want to use it. What should I do?
You can simply cancel your Virtual Card, using “Cancel Virtual Card” option on banks website and the lien marked on the amount will get released.

If not cancelled, the Card will expire in 48 hrs after creation and the lien will be automatically released.

29.How can I cancel my Virtual Card ?
1.Login to your online banking account and Click on “Cancel Virtual Card” tab.
3.After you confirm the action, the lien on the amount will be automatically released.

30.When will my account get credited after cancellation?
Immediately on cancellation, the lien will be released. (However, it may take few minutes in some cases)

32.Can I view all the Cards created and the transactions done on each Card?
You will be able to view all the Cards and transaction history of each Card created during past 3 months (with limit of max. 100 Cards).

33.Is my Virtual Card an International Card?
No, the Virtual Card is a domestic Card and can be used for online payment in Indian Rupee (INR) in India, Nepal and Bhutan only.

34.Can I use my Card for payment in a currency other than Indian Rupees?
No, currently the Virtual Card can be used for payments in INR only.

35.Is there any issuance charge or any annual fee for using Virtual Card?
No issuance / annual fee is charged currently. The facility is available to all Internet Banking customers free of cost.

36.Will the Bank guarantee timely delivery / quality of the goods/ services if purchased through Virtual Card?
No, the Bank shall not guarantee or be responsible for delivery / quality of the goods purchased using Virtual Card.

37.If I suspect that someone has seen my Virtual Card details, can someone use it for fraudulent transactions?
As the card usage is protected through OTP (One Time Password), which is only sent to the customer’s registered mobile phone, the chances of fraudulent transaction are very low. However, the customer must take adequate precaution to ensure that the Card details are not disclosed to any person who may misuse it.

39.Can I withdraw Cash using my Virtual Card?
No; the Card can be used only for making online payments in INR on merchant websites that accept “VISA/MasterCard” Debit Cards.

40.Can I use this Card for Mail Order or Telephone Order (MOTO) purchases?
No, the Card can be used only for making online payments in INR at sites that accept the “VISA/MasterCard” Debit Cards. Currently, this facility is not available on this Card.

God article Manish, One Important aspect. Nowadays-CC arel linked to a Mobile number- so any swipe on it is registered by SMS on mobile number; that helps the owner to understand any transaction happening on it- even if it is lost/misused. Also there’s OTP available on which makes it linked to Mobile numbers only.

1. RBI has mandated the use of EMV Chip and PIN Cards for Credit and Debit Cards in India wef June 30th, 2013, which means that every card produced henceforth will have a chip and will require a PIN (same as ATM PIN) to do even a swipe transaction. This date may change as banks may not be ready within the timeline but this will happen shortly.

2. CVV is the track data that is stored in the magnetic card and not the 3-digit number that you refer to. The 3-digit number at the back of the card is CVV-2; neither CVV-2 nor Verified-by-Visa/MasterCard Secure Code password is mandatory in many websites and they simply require only your card number and expiry date. However, in case there is a misuse on your card and no password has been sought by the website, you can still raise a dispute and the bank will refund the amount since the liability is with the merchant who is not compliant with this 2-Factor Authentication. Thanks to RBI, Internet based transactions are much safer in India than outside and so foreign cards being safer is just a myth.

***Speaking as a banker with 9 yrs experience in credit cards technology

I have been using credit cards from the day I started working, that was more than 7 years ago. Before i got my first salary, i was given the credit card without even verified for credit worthiness. But thankfully I never ever defaulted but had many near misses on frauds – would like share few

1) At Palika bazar, around 6 years ago I bought an expensive PS, while i was on my way back got a phone call from Bank that someone swiped my card thrice for different amounts ranging from 10k to 20k, which they immediately cancelled and and also blocked the card and sent me the new one. From that day I learn’t that certain places are not made for Credit Card usage. It’s your Judgement make it carefully.
2) I agree it’s not easy to live without credit cards, not because of financial reasons but because of ease and many places where you can’t live transact without it. Whenever i suspect, that there is possibility that my card is compromised, i will simply call the bank and tell them that by mistake I have damaged my card and ask for new card. Yes this may cost 100 to 500/- but worth every penny. Make sure you don’t tell them that you lost it, as in future if you are scammed they will argue that you were using your card carelessly.
3) If you have more than one card make sure you use one for online payment and another one at physical locations, this way you can keep track what are the possible location where you may have been tricked, in case of fraud.
4) Always, always make sure you leave a mark on merchant copy at merchant location, i write what ever amount I am paying along with signature. Not sure how beneficial is that but been told by a legal guy in case someone copies your signature you can claim that it’s not you, as you always leave a mark as well.
5) To be frank, there is no solution to CVV fraud that happen at foreign websites, and more importantly not many banks offer protections. Right now virtual cards seems to be the only solution but are very inconvenient for people like me who transact heavily – almost every other day. yes there is software from some banks who will give you instant virtual cards whenever they detect a online payment. But better we have global regulation for such transactions.

Now regarding Debit Card let me share a shocker regarding ICICI Bank Debit card. You don’t need PIN at all to swipe it at merchant machines, it works just like a credit card, heard many banks too are planning such Debit Cards. Once I used it at a petrol pump without a pin, but what happened next was a real shocker to me – the guy gave customer copy to me without asking for my signature on merchant copy. That was the only instance i ever used my debit card at merchant, but was enough to bring the hell out of me as that was my primary savings account.

To be frank we are at the mercy of law enforcement agencies who till now are doing fairly good job in tracking down the scamsters but many big frauds are still unreported or suppressed by financial institutions. Hope it changes, right now i feel pretty unsafe using plastic money.

I was aware that its called CVV-2 , but thought of use the word “CVV” itself, as thats how people know that ! . Anyways .. Good knowledge from your side. Why dont you also enlighten us on few things which you feel people should be aware about , but do not know about credit cards ! ?

Can you help us with some information which can be created as an articles? Atleast some pointers ?

Very informative article.
But I am not able to understand one advice “Better do not use Credit Card at all , use Debit card instead!” . As far as I know debit cards have the same shortcomings as listed above so how come it is more safer?

Atleast the MasterCard/Maestro debit cards are much safer than credit cards, because we need to enter the PIN everytime we swipe it at the merchant (just like at an ATM). Unfortunately though, most banks are pushing the Visa debit cards, which don’t require PIN entry at the merchant, so they are more unsafe. However, some of the higher end Visa debit cards (Platinum etc) may come with features like cancelling fraudulent transactions that happened “N” days before …

I still doubt that credit card company in India will refund the amount if there is a fradulent transaction.
Has any one received the money back if reported as soon as SMS received on mobile for the same transaction ?

I had recieved refund from ICICI Bank Credit Card. There was a fradulent transcation of 15 k for some US website. I called them after recieving my bill. They asked me to write a letter naming the transaction and stating that I did not make it and Fax it on there Mumbai HO number.

I did that and in a weeks time it was resolved. Sometimes we do not recieve SMS also, like in this case. Its good to check your bill.

Reminds me of an incident i had a couple of months back. I left the credit card at a hotel along with the bill and waited for the return. During that time i had an urgent call from office and i had left the hotel to office. Only after a day i realised i had left the card back at the hotel.

The guy at the hotel, first asked me to sign on a piece of paper and after comparing with the card signature which he handed back the card.
Incidentally i had never bothered about signing at the back of the debit card/food card/, but for some reason i had signed in this one. 🙂 saved a lot of embarrassment

Thats true, photo identity proof would have also worked. But signature would be more convincing to the third person, i feel.
If credit card card is issued along with the photo of the card holder that would make things more secure.

In the US, there is no risk to credit cards because the card usually comes with protection. All you need to do is call and say xxx transaction is not valid and you are good – no questions asked. I have had to use this feature 3-4 times and it was very easily done, quite cool. A couple of times, I have been alerted by the card company themselves as they have fraud detection systems that get triggered.

I’m not sure about this, but I think in India, cards don’t come with protection inbuilt like in the US and their fraud protection systems are not that robust. Which is why I am far more concerned about cards from Indian banks. I currently have a Kotak card (League Platinum) which comes with liability insurance from HDFC. As long as I report an invalid transaction within 7 days of the transaction, I am covered. There is no extra charge for this insurance cover and it was a feature of the card. So, I am hoping that I don’t have to worry about CVV, signature, online security, hacking, etc.

When taking a card, its a good idea to check for free protection on invalid transactions, fraud, etc. There is often insurance available but one has to pay for it, but that is not a good idea. The card company should handle this on their own or provide this insurance free of charge, like in the US.

Actually, after posting this, I checked the fine print of my card’s fraud protection feature and its very cumbersome – one has to file a FIR and claim form, and what not. Also, 7 days is too less as it should be at least one billing cycle. Maybe I will have to look for a better option! 🙁 Until then, I’ll keep the credit limit low.

I really was not having any idea that how signature on the back on credit card can be so usefull. Thanks for sharing this. Yes you are correct Virtual card is great option for online transction. HDFC card having this facility.

excellent as usual.
but regarding myth 4 of sighning on backside.
let us say i have not signed and a thief signs it after stealing card phsically and purchases. yes agreed even if a merchant matches sign it will match with his since he only has sighned on backside. but u get bill and dispute, now card is with the thief, your signatures with card company any way are different from that on bill with merchant,

not understood how situation is different from if your signatures are there on card and do not match with that on bill and merchants in india has not bothered to match with that on card as is mostly the case. in any case card is now not with me to claim and contest either of above two cases.

I am not sure about your case . If you put a signature on the card, then you are safe from your side. You are not liable to pay if the credit card signature and the signature on the bill does not match . Which will be the case if you SIGN The card, because the theaf wont be able to copy your signature . So credit card company itself will not issue the payment to the merchant and merchant has to take the LOSS , but if you do not sign it , then you will have to pay because merchant is safe here .

yes sir that is also the point. looking at my signature some expert may be able to put at least simillar signature. and if thief has never seen my signature it will be totally mismatch from the records held with card company. so i think it will be easier to contest in 2nd case.

But it becomes tough for the theaf to copy your signatures. Either he will not pay attention and put his original signatures , in which case merchant should catch him and tell him that its not valid , or the signatures should mismatch (if it matches, then theaf was really smart) . IN worst case if it goes through , you can always show your original signatures on your ID which will not match with the signatures on the reciept .

Note that all this is overall the ways to bring down the chances of fraud , This can never eliminate it with 100% accuracy !

Technology in financial transactions is a double edged sword. More and more people are using technology because of convenience, perceived benefits without knowing the threats, false notion of status symbol, only because it is affordable, to feel like in the modern world/updated etc. but hardly one tries to fully understand the procedures, importance of following standard and precautionary practices and learning to use the technology in a scientific/appropriate way. This is true about driving, use of mobile and internet, use of medicines and medical equipments, financial transactions and even the household equipments. Everyone is in a hurry. God bless them, God save them.

Thanks for sharing your views on this topic . Can you share what should be the limit of the usage of these kind of things . Are you negative about these technologies or just want people to first understand them and then go ahead ?

I am not suggesting exact number of usage allowed or limited to anyone but it should be used prudently and wherever necessary after assessing cost benefit, risks involved and it should not be just as a novelty or a fashionable thing. I am absolutely not against these technologies but as you said just want people to first understand them and go ahead. There must be mechanisms to make the people aware and all sort of authentic legal, technical help should also be easily, timely available for the people who might have suffered. I feel technology is being used to benefit the provider more than the user. There are many examples of this and customers have to use it even unwillingly because of no choice than to accept whatever is available. I strongly feel that end user’s needs and conveniences must have topmost priority and the only reason to implement technology.

This is the most knowledgeable author giving the most disastrous advise:
“Better do not use Credit Card at all , use Debit card instead!”

From the article, he seems well informed but this one sentence gives out the most disastrous advice.

Any money that goes out of your bank account is gone for ever with out any trace except in a very small percentage of cases in which the Bank provides you an insurance against erroneous deductions. ( Bank of America provides this. I do not know which bank in India provides such insurance)

My advice: Never never use debit card where you can use a credit card. In case of credit card, you can always complain and the credit card company/bank is obligated to cancel the transaction unless the merchant can produce non-controversial proof of your having used the credit card yourself!
Many of the grocery stores and other merchants inn USA do not even insist on your signature for transactions less than $50! The merchant is taking the risk for their convenience, NOT you!

After having continuously analyzed the credit card security for software developer for a living for substantial period, I speak with authority TILL some one can prove me wrong! ( and it is not a very remote possibility, the question is NOT IF but WHEN!)

Thanks for sharing your views and points . When I said that line, it had a context in itself. As credit cards have a higher upper limit (imagine limit of Rs 1 lac or something) , its possible that the fraud can be higher. Also using credit card is taking credit from someone , which most of the people are unable to handle beyond a point . Using debit card in that sense is good because you cant use more then what you have . If one is able to take care of all the measures, then also you feel one should always use credit card only ?

The author is again making a BIG mistake in assessing the comparative risks involved and especially while deciding which has higher risks: cr card or debit card.
In case of cr card, the following protections are there:
1. You can always object to cr card transaction .
2. When objected, the merchant and the banker have to prove that YOU DID use the card and not some one else using a stolen card.
3.Nothing goes out of your bank account till you pay the cr card company/banker.
4. Cr Card comapanies have fraud detection system by which suspicious amount (larger than usual) or use from suspicious place is detected and more secure procedure is intervened ( like phone authentication etc.)
In case of Debit card:
1. One money goes out of your bank, it is gone for good.
2. Unless Banks have insurance against fraud, banks wont reimburse a fraudulent deduction.
The reason about people being unable to handle beyond a point a loan in case of Cr card and being generous with your own money in case of debit card is a reason which does not deserve any merit.
The only reason should be the comparable risk of loss of money and in case of Dr card it is highest. Hence, advise should:
1. Avoid debit card as far as possible
2. Always use Cr Card instead.

Thanks for sharing your views . I agree with most of the points, but then someone’s personal comfort and views are also to be seen . Also what do you think about the recent issues of “Credit Reports” because of credit cards ? INcase you can present your views on that ?

I have faced the same situation mentioned in 2nd point while paying for some foreign certification. But what are the alternatives considering those certification and many other like sites will require credit card only and with a considerable credit limit as 10K or 20K is very less. I am facing the same dilemma for quite some time and could not come up with any point…

There is an alternative, by which you can indirectly use your CC via PayPal. If that website support PayPal then you can link your CC with PayPal account and this way you can keep your CC safe.
This applies only if site support PayPal.

I also come across such situation But thanks for this clear information on this topic. I was thinking like It might depend upon gateway whether to ask for that code or not..! Anyways, This will help me when I make online transaction.

1. Have there been cases where in case of a credit card fraud (physical swipe), the bank has agreed not to charge the holder because of a signature mismatch ?

2. Do you have a link for the rules/laws on point #4, i.e., it is the merchant’s responsibility to match signatures ?

I ask because as you mentioned, i have not seen any merchant in india match the signatures, while those in USA carefully check it everytime we swipe the card. In the incident you had linked to (card used when person is not there), the resolution was not mentioned.

I didnt get a link for India , but I read the same thing on some articles and I think the Visa rules are same across countries, infact in the same PDF , in the starting it says that all are same for ASIA also . I am sure there will be the guidelines somewhere in RBI website, but I was not able to locate it for now .

I have faced the same situation mentioned in 2nd point while paying for some foreign certification. But what are the alternatives considering those certification and many other like sites will require credit card only and with a considerable credit limit as 10K or 20K is very less.